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Claims: 

1. A method performed by a server of a public key system, said public key 
system further comprising a plurality of client terminals, said method 
comprising the steps of: 

storing a first list of fingerprints of digitally encoded data; 

computing a first fingerprint for at least a part of said list of fingerprints; 
and 

providing said computed first fingerprint. 

2. The method according to claim 1 , wherein said step of computing said first 
fingerprint comprises the steps of: 

obtaining one or more entries of said first list of fingerprints, whereby 
said one or more entries are to be covered by said first fingerprint; and 

computing a hash value on at least said obtained one or more entries. 

3. The method according to claim 1 or 2, wherein said first list of fingerprints 
further comprises at least one of the following: 

a unique identifier associated with each fingerprint; 

a time specification associated with each fingerprint, whereby said time 
specification specifies at least one of a time of entry into said first list 
associated with said fingerprint or said digital data, a time of 
generation of said fingerprint or said digital data, or a time of provision 
of said fingerprint or said digital data to said server; or 

a link to digital data or an association with digital data of each 
fingerprint 

4. The method according to claims 2 and 3, wherein said one or more entries in 
said step of obtaining said computed first fingerprint further comprising at least 
one of a unique identifier or a time specification associated with a fingerprint. 
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5 5. The method according to claim 3 or 4, wherein said unique identifier, said time 
specification, said link or said association are established and assigned by 
said server as part of said storing step. 

6. The method according to one of claims 1 to 5, wherein said step of providing 
said computed first fingerprint comprises attaching said first fingerprint to a 

10 message that is sent to at least one of said plurality of user terminals. 

7. The method according to one of claims 1 to 6, wherein said step of providing 
said computed first fingerprint or said step of computing said first fingerprint 
further comprises signing said first fingerprint by said server. 

8. The method according to one of claims 1 to 7, wherein said step of storing a 
1 5 first list of fingerprints comprises the steps of: 

receiving digital data; 

establishing at least one of the integrity of said digital data, the identity 
of a sender of said digital data and the authenticity of said sender; 
whereby said establishing comprises at least one of verifying a digital 
20 signature for said digital data, verifying a fingerprint associated with 

said digital data or sender, using a secure and trusted connection for 
the communication with said sender, and applying an encryption 
scheme for the said received digital data; 

computing a hash value on at least said digital data; and 

25 adding said hash value to said first list of fingerprints. 

9. The method according to one of claims 1 to 8, wherein at least said steps of 
computing a first fingerprint and providing said computed first fingerprint are 
performed repeatedly according to a timed schedule, and wherein said first list 
of fingerprints can be augmented or continued with further entries. 



30 10. The method according to claim 9, wherein said step of providing said 
computed first fingerprint comprises providing or updating said first fingerprint 
on an hourly, daily, weekly, monthly or another regular time period basis. 
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5 11. The method according to one of claims 1 to 10, wherein said step of providing 
said computed first fingerprint further comprises associating and providing at 
least one of a time specification, a validity period information or another 
identifier providing for establishing the validity of said provisioned first 
fingerprint. 

10 

12. A method performed by a client terminal of a public key system, said public 
key system comprising a plurality of client terminals and at least one server, 
said method comprising the steps of: 

obtaining a first list of fingerprints of digitally encoded data from a first 
1 5 source; 

obtaining a first fingerprint of said list of fingerprints from a first source; 

obtaining a second fingerprint of said list of fingerprints from a second 
source; and 

comparing said first and said second fingerprint. 

20 13. The method according to claim 12, further comprising the steps of: 

computing a fingerprint of said obtained first list of fingerprints; 

comparing said computed fingerprint and said obtained first and 
second fingerprints; 

if at least one of said comparing steps result in different fingerprints, 
25 establishing that the data integrity of said received fingerprints or said 

first list of fingerprints has been compromised; 

14. The method according to claim 12 or 13, further comprising the steps of: 

obtaining at least one of said digitally encoded data of said fingerprint 
list; 



30 



computing a fingerprint of said obtained digital data; 
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comparing said computed fingerprint with the fingerprint for said 
obtained digital data in said received list of fingerprints; and 

if said comparing step results in different fingerprints, establishing that 
the data integrity of said received digital data or said list of fingerprints 
has been compromised; 

15. The method according to one of claims 12 to 14, further comprising at least 
one of: 

verifying a digital signature for said received first and second 
fingerprint; 

verifying a digital signature for a received list of fingerprints; 

verifying a fingerprint associated with said received first and second 
fingerprint or said first and second source; and 

receiving a user input to perform at least one of said steps of verifying 
a digital signature and verifying a fingerprint. 

16. The method according to one of claims 12 to 15, wherein said steps of 
obtaining said first and second fingerprint comprising a step of 

receiving said first and second fingerprint together with a message 
sent to said client terminal via communications media of a public 
network connecting said client terminals and said server; and 

said method further comprising a step of: 

attaching a fingerprint of said list of fingerprints to a message sent to 
another client terminal via said communications media of a public 
network connecting said client terminals. 

17. The method according to claim 16, wherein said steps of obtaining said first 
and second fingerprint and attaching a fingerprint are accomplished 
automatically without an explicit request by the receiving client terminal of said 
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message but as part of a regular communication between client terminals not 
established for the purpose of exchanging said first or second fingerprint. 

18. The method according to one of claims 12 to 19 and 16, wherein said step of 
attaching a fingerprint further comprises associating and attaching at least one 
of a time specification, a validity period information or another identifier 
providing for establishing the validity of said provisioned fingerprint. 

19. The method according to one of claims 16 to 18, wherein said step of attaching 
a fingerprint to a message is only performed for fingerprints that are verified by 
said client terminal to be valid and authentic; whereby said verification may 
depend on the number of successful comparing steps that were performed for 
said attached fingerprint with received corresponding fingerprints of mutually 
different and/or independent sources; and wherein said step of attaching a 
fingerprint further comprises signing said fingerprint by said client terminal 
using a private key of said client terminal. 

20. The method according to one of claims 12 to 19, wherein said steps of 
obtaining said first and second fingerprint comprising a step of 

determining whether a received fingerprint and/or a received list of 
fingerprints is valid and represents the latest published version by 
means of associated or attached information to said received 
fingerprint and/or received list of fingerprints or by means of a 
predetermined timed schedule known to said client terminal; and 

if said received fingerprint and/or a received list of fingerprints is not 
valid, disregarding said received fingerprint and/or received list of 
fingerprints or requesting a fingerprint and/or a list of fingerprints from 
another source to replace the invalid versions. 

21. The method according to one of claims 12 to 20, wherein said client terminal 
further keeps and updates a record of received first and second fingerprints 
from different sources, whereby said record may comprise identifiers of the 
source of each fingerprint and whereby said updating may comprise removing 
a fingerprint from said record after having established that said fingerprint is 
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invalid or said fingerprint or the respective source of said fingerprint cannot be 
trusted or successfully authenticated. 

22. The method according to one of claims 13 to 21, wherein said client terminal 
reports to at least one of said system, said server, a certificate authority of said 
system and a user of said client terminal in case said client terminal 
determines that the data integrity of said received fingerprints or said list of 
fingerprints has been compromised, whereby said reporting may comprise 
identifying and reporting the source of said compromised fingerprints or list. 

23. The method according to one of claims 2 to 11, wherein said step of obtaining 
one or more entries of said first list of fingerprints comprises obtaining a 
specific segment of entries of said first list of fingerprints, and wherein said 
step of computing said first fingerprint further comprises the steps of: 

storing said computed hash value in a second list of fingerprints; 

obtaining one or more entries of said second list of fingerprints in the 
same manner as said step of obtaining one or more entries of said first 
list, whereby said one or more entries are to be covered by said first 
fingerprint; and 

computing a hash value on at least said obtained one or more entries 
of said second list of fingerprints in the same manner as said first step 
of computing a hash value. 

24. The method according to claims 23 and 3, wherein said specific segment is 
defined by a time interval, whereby said time specification of said obtained 
entries in said first list of fingerprints are associated with or covered by said 
time interval. 

25. The method according to claim 23 or 24, wherein said step of obtaining one or 
more entries of said second list of fingerprints comprises obtaining a specific 
segment of said second list of fingerprints, and wherein said step of computing 
said second fingerprint further comprises the steps of: 
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storing said computed hash value in a third list of fingerprints; and 

obtaining one or more entries of said third list of fingerprints in the 
same manner as said step of obtaining one or more entries of said first 
list, whereby said one or more entries are to be covered by said first 
fingerprint; and 

computing a hash value on at least said obtained one or more entries 
of said third list of fingerprints in the same manner as said first step of 
computing a hash value including optional steps of storing said hash 
value in a further list of fingerprints and subsequently computing a 
further hash value covering entries of said further list. 



26. The method according to one of claims 23 to 25, wherein said server provides 
said second list, said third list, said specific segment, a particular entry of said 
first, said second or said third list and/or a particular entry of a segment to 
another client terminal or to another party of said system, whereby said 
another client terminal or party has requested said provision. 

27. The method according to claim 26, wherein said server receives a request 
specifying at least one of: a time interval, a specific fingerprint of one of said 
lists of fingerprints and the respective digital data to said specific fingerprint. 

28. The method according to one of claims 23 to 27, wherein several second and 
several third lists of fingerprints and respectively several second and third 
fingerprints of said fingerprint lists are computed and/or provided, whereby 
each list may be used for different kinds of digital data, according to different 
time schedules and time intervals, and/or according to different maximum 
numbers of entries in each list. 

29. The method according to one of claims 23 to 28, wherein said second list of 
fingerprints is said first list of fingerprints or a specific segment of said first list 
of fingerprints. 
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5 30. The method according to claim 28, wherein said different time schedules, 
different time intervals or said different maximum numbers of entries are 
adapted or specified by said server or a dedicated means of said system 
according to payload and performance specifications for at least one of said 
system, said server and said client terminals. 

10 31. The method according to one of claims 23 to 30, wherein said computed 
fingerprints of at least one of said first list of fingerprints, said second list of 
fingerprints or said first fingerprint can be further added to at least one of said 
specific segment of said first list, another segment of said first list, another first 
list, said second list, another second list, said third list, another third list, or a 

1 5 further list of fingerprints compiled from entries of said lists. 

32. The method according to one of claims 23 to 31 , wherein one or more entries 
of said segment, said first list, said second list, and/or said third list are added 
to at least one of said specific segment of said first list, another segment of 
said first list, another first list, said second list, another second list, said third 
20 list, another third list, or a further list of fingerprints compiled from entries of 

said lists. 



33. The method according to one of claims 12 to 22, further comprising the steps 
of: 

25 obtaining digital data; 

requesting a second list of fingerprints, whereby said second list of 
fingerprints comprises fingerprint entries that are to be used for 
computing at least one of the fingerprints in said first list of fingerprints, 
and whereby at least one of said fingerprint entries covers said 
30 obtained digital data; 

obtaining said requested second list of fingerprints; 



computing a first hash value on the fingerprint entries of said second 
list that are to be used for computing a specific fingerprint in said first 



WO 2004/028077 



47 



PCTYEP2003/007829 



list of fingerprints, whereby at least one of said fingerprint entries 
covers said obtained digital data and whereby said specific fingerprint 
therefore covers said obtained digital data; 

comparing said computed first hash value with said specific fingerprint; 

if said comparing step results in different fingerprints, establishing that 
the data integrity of said obtained digital data or at least one of said 
lists of fingerprints has been compromised; 

computing a second hash value for said obtained digital data; 

comparing said computed second hash value with the fingerprint in 
said second list of fingerprints that covers said obtained digital data; 
and 

if said comparing step results in different fingerprints, establishing that 
the data integrity of said obtained digital data or at least one of said 
lists of fingerprints has been compromised. 

34. The method according to claim 33, wherein said step of computing a second 
hash value for said obtained digital data comprises the steps of: 

requesting a third list of fingerprints, whereby said third list of 
fingerprints comprises fingerprint entries that are to be used for 
computing at least one of the fingerprints in said second list of 
fingerprints, and whereby at least one of said fingerprint entries covers 
said obtained digital data; 

obtaining said requested third list of fingerprints; 

computing a third hash value on the fingerprint entries of said third list 
that are to be used for computing a specific fingerprint in said second 
list of fingerprints, whereby at least one of said fingerprint entries in 
said third list of fingerprints covers said obtained digital data; 
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5 comparing said computed third hash value with said specific fingerprint 

in said second list of fingerprints; 

if said comparing step results in different fingerprints, establishing that 
the data integrity of said obtained digital data or at least one of said 
lists of fingerprints has been compromised. 

10 35. The method according to claim 33 or 34, wherein at least one of said first , said 
second or said third list of fingerprints is a segment of another list of 
fingerprints. 

36. The method according to one of claims 33 to 35, wherein said steps of 
requesting a list of fingerprints comprising a step of specifying said requested 

1 5 list of fingerprints by specifying at least one of: 

a time interval associated with the entries of said requested list, 
a time specification for at least one entry of said requested list, 
at least one fingerprint of said requested list; 

at least one digital data covered by at least fingerprint of said 
20 requested list, 

an identifier for said requested list, and 

an identifier for at least one entry of said requested list. 

37. The method according to one of claims 1 to 36, wherein said digital data is 
comprised of at least one of: a public key of a public key pair, a certificate, a 

25 computer program, a software file, a database, an executable file, a digital 

picture, video or audio information and a data file. 

38. A system comprising at least one server according to one of claims 1 to 1 1 or 
claims 23 to 32 and at least one client terminal according to one of claims 12 
to 22 or claims 33 to 36. 



30 39. A computer-readable storage medium having a computer program for 
controlling a plurality of client terminals to participate in and perform operations 
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according to a method as specified by one of claims 12 to 22 or claims 33 to 
36. 

40. A computer-readable storage medium having a computer program for 
controlling a server to participate in and perform operations according to a 
method as specified by one of claims 1 to 1 1 or claims 23 to 32. 



41. A method for providing for a secure distribution of digital data in a public key 
system, the method comprising: 

encrypting digital data using a public key of a first key pair; 

preventing the decryption of said encrypted digital data by preventing the use 
of the corresponding private key of said first key pair; and 

replacing said first key pair with a second key pair for encrypting and 
decrypting further digital data. 



42. The method according to claim 41, wherein said preventing step comprises 
revoking or deleting said private key. 

43. The method according to claim 41 or 42, wherein said encrypting step is 
performed by a first party of said system, the corresponding decryption is 
performed by a second party of said system, said preventing and said 
replacing steps are at least one of controlled, initiated and enforced by means 
of said system, whereby said method further comprises a step of providing 
said encrypted digital data to said second party via a network and a step of 
storing said encrypted digital data or a respective copy thereof by said second 
party. 

44. The method according to claim 43, wherein said network is the Internet. 
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45. The method according to one of claims 41 to 44, wherein said preventing step 
is automatically performed according to a first schedule and said replacing 
step is automatically performed according to a second schedule. 

46. The method according to claims 43 and 45, whereby said first and said second 
schedule are independent from one another and specified by either said 
system or said first party. 

47. The method according to claim 45 or 46, wherein at least one of said first and 
said second schedule comprises respectively a first and a second time span, 
whereby respectively said preventing step and said replacing step are 
performed after said first and said second time span have expired, and 
whereby respectively said first and/or said second time span starts with one of 
the following: 

said encrypting step; 

said provision of said encrypted data to said second party; 

the generation or distribution of said first or second key pair; or 

a predetermined time after the respectively other first or second time 
span has started; 

48. The method according to one of claims 41 to 47, wherein at least one of said 
first and said second key pair is generated, distributed or provided by 
dedicated means of said system. 

49. The method according to one of claims 41 to 48, wherein more than one first 
key pair is used in concurrent or overlapping time periods and/or replaced by 
more than one second key pairs. 

50. The method according to claims 49 and 43, wherein each of said more than 
one first key pairs is respectively used for at least one of different kinds of 
digital data, different groups of said first parties and different groups of said 
second parties, whereby said preventing step and said replacing step are 
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5 selectively and independently applied to each of said more than one first key 

pair to selectively control the access to said encrypted digital data. 

51. The method according to one of claims 41 to 50, further comprising a step of 
preventing the use of the public key of said first key pair by controlled deleting 
or revoking said public key. 

10 52. The method according to claims 43 and 51, wherein said step of preventing 
the use of said public key is at least one of initiated, controlled and enforced by 
means of said system or said first party, whereby said method is used to 
provide for said second user to still access said digital data by said decryption 
process using said private key after said step of preventing the use of said 

1 5 public key. 

53. The method according to one of claims 41 to 51, wherein said method is used 
for at least one of: 

undermining fraud to said previously encrypted data; 

said digital data that is to be deleted after a specified or predetermined 
20 time frame, whereby additionally possible backup copies and/or log 

information of said encrypted digital data are also to be deleted; 

ensuring that a possible disclosure of said private key of said first key 
pair does not compromise the security and privacy of said encrypted 
digital data. 

25 



54. A method for controlling the distribution of digital data in a public key system, 
the method comprising: 



30 



computing encrypted digital data by encrypting said digital data using a public 
key of a first key pair; 
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decrypting said encrypted digital data using the corresponding private key of 
said first key pair; 

preventing said encryption step for further digital data by preventing the use of 
said public key; and 

replacing said first key pair with a second key pair for encrypting and 
decrypting further digital data. 

55. The method according to claim 54, wherein said encrypting step is performed 
by a first party of said system, the corresponding decrypting step is performed 
by a second party of said system, said preventing and replacing steps are at 
least one of controlled, initiated and enforced by dedicated means of said 
system, whereby said method further comprises a step of providing said 
encrypted digital data to said second party via a network. 

56. The method according to claim 54 or 55, wherein said preventing step 
comprises revoking or deleting said public key. 

57. The method according to one of claims 54 to 56, further comprising a step of 
controlled deleting or revoking said private key of said first key pair by means 
of said system. 



58. A method for controlling the distribution of digital data in a public key system, 
the method comprising: 

computing a digital signature on said digital data using a private key of a first 
key pair according to a first digital signature scheme; 

verifying said digital signature using the corresponding public key of said first 
key pair according to said first digital signature scheme; 

preventing said computing step for further digital data by preventing the use of 
said private key; and 
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replacing said first key pair with a second key pair for computing and verifying 
digital signatures on further digital data. 

59. The method according to claim 58, wherein said computing step is performed 
by a first party of said system, the corresponding verifying step is performed by 
a second party of said system, said preventing and replacing steps are at least 
one of controlled, initiated and enforced by dedicated means of said system, 
whereby said method further comprises a step of providing said digital 
signature and said digital data to said second party via a network. 

60. The method according to claim 58 or 59, wherein said second party rejects 
said provided digital data if said step of verifying said digital signatures fails, or 
wherein said second party is only able to or allowed to use and access said 
provided digital data if said verifying step succeeds. 

61 . The method according to one of claims 58 to 60, wherein said method further 
comprises a step of encrypting said digital data in connection with said 
computing step and a step of decrypting said digital data after a successful 
verifying step. 

62. The method according to one of claims 58 to 61, wherein said preventing step 
comprises revoking or deleting said private key. 

63. The method according to one of claims 55, 56, or claims 59 to 62, wherein said 
network is the Internet. 

64. The method according to one of claims 54 to 63, wherein said preventing step 
is automatically performed according to a first schedule and said replacing 
step is automatically performed according to a second schedule. 

65. The method according to claims 64 and 55 or according to claims 64 and 59, 
whereby said first and said second schedule are independent from another 
and specified by either said system or said first party. 

66. The method according to claim 64 or 65, wherein at least one of said first and 
said second schedule comprise respectively a first and a second time span, 
whereby respectively said preventing step and said replacing step are 
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performed after said first and said second time span have expired, and 
whereby respectively said first and said second time span starts with one of 
the following: 

said computing step; 

said step of providing to said second party; 

the generation or distribution of said first or second key pair; or 

a predetermined time after the respectively other first or second time 
span has started; 

67. The method according to one of claims 54 to 66, wherein at least one of said 
first and said second key pair is generated, distributed or provided by said 
system. 

68. The method according to one of claims 54 to 67, wherein more than one first 
key pair is used in concurrent or overlapping time periods. 

69. The method according to claims 68 and 55 or according to claims 68 and 59, 
wherein each of said more than one first key pair is respectively used for at 
least one of different kinds of digital data, different groups of said first parties 
and different groups of said second parties, whereby said preventing step and 
said replacing step are selectively and independently applied to each of said 
more than one first key pair to selectively control the secure distribution to said 
digital data. 

70. The method according to one of claims 54 to 69, whereby said method is used 
to control that no additional digital data can be added to a pool of digital data, 
whereby previous digital data associated with said pool can still be distributed, 
used or accessed, whereby different pools of digital data are established by 
different key pairs. 

71. A computer-readable storage medium having a computer program for 
controlling a plurality of client terminals of a public key system to participate in 
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and perform operations according to a method as specified by one of claims 
54 to 70. 

72. A computer-readable storage medium having a computer program for 
controlling a server of a public key system to participate in and perform 
operations according to a method as specified by one of claims 54 to 70. 



73. A method for providing a layered asymmetric encryption of digital data in a 
data distribution system, said method comprising the steps of: 

encrypting said digital data using a first key in a first encryption layer; 

encrypting said first key using a second key in said first encryption 
layer; 

encrypting said encrypted first key using a third key in a second 
encryption layer; 

providing said encrypted data and said encrypted first key; 

decrypting said encrypted first key according to said second encryption 
layer; and 

decrypting said encrypted first key according to said first encryption 
layer; and 

decrypting said encrypted digital data according to said first encryption 
layer. 

74. The method according to claim 73, wherein said encrypting step of said digital 
data is performed by a first party of said system, whereby said first key is a 
symmetric key, 
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said encrypting step of said first key in said first encryption layer is performed 
by said first party, whereby said second key is the public key of a first public 
key pair, 

said encrypting step of said encrypted first key in said second encryption layer 
is performed by said first party or a second party of said system, whereby said 
third key is the public key of a second public key pair, 

said providing step provides said encrypted data and said encrypted first key 
to a third party of said system by means of a network, 

said decrypting step of said encrypted first key according to said second 
encryption layer is performed by said third party using the private key of said 
second public key pair, 

said decrypting step of said encrypted first key according to said first 
encryption layer is performed by said third party or a fourth party of said 
system using the private key of said first public key pair, 

said decrypting step of said encrypted digital data is performed by said third or 
fourth party using said decrypted first key. 

75. The method according to claim 73 or 74, further comprising 

a step of encrypting said encrypted first key using a fourth key in a third 
encryption layer after said encrypting in said second encryption layer, and 

a step of decrypting said encrypted first key according to said third encryption 
layer before said decrypting step according to said second encryption layer. 

76. The method according to claim 75, wherein said step of encrypting said first 
key using said fourth key is performed by one of said first party, said second 
party or a fifth party, whereby said fourth key is the public key of a third public 
key pair, and said step of decrypting according to said third encryption layer is 
performed by one of said third party, said fourth party or a sixth party of said 
system using the private key of said third public key pair. 
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78. 
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79. 
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The method according to one of claims 73 to 76, wherein one or more of said 
encrypting steps of said first key further comprising encrypting said digital data 
using the encryption key of the respective encryption layer. 

The method according to one of claims 74 to 77, wherein one or more of said 
encryption steps of said encrypted first key comprise: 

encrypting said first key using a further symmetric key, 

encrypting said further symmetric key using the public key of the 
respective public key pair of the encryption layer of said one or more 
encryption step, and 

associating said encrypted further symmetric key with said encrypted 
first key, whereby said encrypted further symmetric key is treated in 
the same manner as said first key by any following encryption layer, 
whereby said following encryption layer regards both encrypted keys 
either as one key information part or as two separate encrypted keys; 
and 

wherein the corresponding decrypting step of said encryption steps comprise: 

decrypting said encrypted further symmetric key using the private key 
of the public key pair of said respective encryption layer, 

decrypting said encrypted first key using said decrypted further 
symmetric key. 



A method for controlling the distribution path of digital data from a sender to a 
recipient via a network, whereby said network comprises a plurality of 
connected network nodes, said method comprising the steps of: 



30 



a) encrypting said digital data using a first key in a first encryption 
layer; 
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b) encrypting said first key using a second key in said first encryption 
layer, whereby said second key is a public key associated with said 
recipient of said digital data; 

c) encrypting said encrypted first key using a third key in a second 
encryption layer, whereby said third key is a public key associated 
with a first network node said digital data is defined to pass along a 
distribution path through said network to said recipient; 

d) providing said encrypted data and said encrypted first key to said 
first network node; 

e) decrypting said encrypted first key at said first network node 
according to said second encryption layer using the corresponding 
private key to said public key of said first network node; 

f) providing said encrypted data and said encrypted first key to said 
recipient; 

g) decrypting said encrypted first key according to said first encryption 
layer using the corresponding private key of said public key of said 
recipient; and 

h) decrypting said encrypted digital data according to said first 
encryption layer using said decrypted first key. 

80. The method according to claim 79, wherein said encrypting step c) is 
performed by said sender or a third network node the message comprised of 
said encrypted data and said encrypted first key has previously passed. 

81 . The method according to claim 79 or 80, further comprising the steps of 

encrypting said encrypted first key using a fourth key in a third 
encryption layer, whereby said fourth key is a public key associated 
with a second network node said digital data is defined to pass along a 
distribution path through said network to said recipient; 
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providing said encrypted data and said encrypted first key to said 
second network node; and 

decrypting said encrypted first key at said second network node 
according to said third encryption layer using the corresponding private 
key of said public key of said second network node; 

82. The method according to claim 81, wherein said encrypting step is performed 
by one of said sender, said first network node, or a third network node said 
message comprised of said encrypted data and said encrypted first key has 
previously passed. 

83. The method according to one of claims 79 to 82, further comprising the 
following steps that are performed by each network node after having received 
said encrypted digital data and said encrypted first key: 

establishing whether said received encrypted first key is to be 
decrypted by said network node according to a specific encryption 
layer; 

if said network node has to decrypt said encrypted first key, decrypting 
said encrypted first key according to said specific encryption layer 
using the respective private key; 

establishing the next network node of said network including said 
recipient, said encrypted digital data and said encrypted first key have 
to be provided to by said network node; 

establishing whether said encrypted first key has to be encrypted in at 
least one further encryption layer using a public key associated with 
said next network node and/or a public key of a further network node; 

if said encrypted first key has to be encrypted, obtaining said public 
key and encrypting said encrypted first key according to said further 
encryption layer using said public key according to said further 
encryption layer; 
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5 84. The method according to one of claims 79 to 83, wherein said sender and/or a 
network node transmitting said encrypted data and said encrypted first key 
specifies at least one network node of said network including said recipient, 
said encrypted data and said encrypted first key have to pass when being 
transmitted to said recipient. 

10 85. The method according to claim 84, wherein said specifying is at least 
comprised of encrypting said encrypted first key according to an encryption 
layer using a public key of said specified network node. 

86. A computer-readable storage medium having a computer program for 
controlling a plurality of network nodes of a network, said computer program 

15 causing a network node to perform the steps of claim 83 after having received 

a message comprised of an encrypted digital data part and an encrypted first 
key part. 

87. The computer program according to claim 86, further causing said network 
nodes to perform the step of specifying at least one network node of said 

20 network including said recipient, said encrypted data and said encrypted first 

key have to pass when being transmitted to said recipient, whereby said 
specifying step at least comprises encrypting said encrypted first key 
according to an encryption layer using a public key of said specified network 
node. 

25 88. The computer program according to claim 86, further controlling said network 
nodes to participate in and perform operations according to a method as 
specified by one of claims 74 to 85. 

89. A computer-readable storage medium having a computer program for 
controlling a plurality of client terminals of a public key system to participate in 
30 and perform operations according to a method as specified by one of claims 

73 to 85. 
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90. A method for controlling the distribution of digital data in a public key system 
using digital signatures on said digital data, said method comprising the steps 
of: 

computing a hash value of said digital data by a sender; 

computing a first digital signature by said sender by encrypting said 
hash value according to a first digital signature scheme using a first 
private key of a first public key pair; 

computing a second digital signature by encrypting said first digital 
signature according to a second digital signature scheme using a 
second private key of a second public key pair; 

providing said second digital signature and said digital data to a 
recipient of said digital data; 

computing a first verification value of said second digital signature 
according to said second digital signature scheme using the public key 
of said second public key pair; 

computing a second verification value of said first verification value 
according to said first digital signature scheme using the public key of 
said first public key pair; 

obtaining a hash value of said digital data; 

comparing said obtained hash value and said second verification 
value; and 

if said comparing step shows different values, establishing that the 
data distribution process to said recipient deviates from the intended 
process flow. 

91 . The method according to claim 90, further comprising the step of: 
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obtaining said first digital signature in either said providing step 
together with said provided digital data and said provided second 
digital signature or in a further providing step; 

comparing said obtained first digital signature and said computed first 
verification value; 

if said comparing step shows different values, establishing that the 
data distribution process to said recipient deviates from the intended 
process flow. 

92. The method according to claim 90 or 91, wherein said obtaining step of said 
hash value comprises at least one of 

computing said hash value from said provided digital data in the same 
manner as said first computing step of said hash value performed by 
said sender, or 

obtaining said hash value in said providing step together with said 
provided digital data and said provided second digital signature. 

93. The method according to one of claims 90 to 92, wherein said step of 
computing a second digital signature further comprises the step of: 

computing a third digital signature by encrypting said first digital 
signature according to a third digital signature scheme using a third 
private key of a third public key pair to replace said first digital 
signature prior to said computing of said second digital signature; and 

wherein said step of computing a second verification value further comprises 
the step of: 

computing a third verification value of said first verification value 
according to said third digital signature scheme using the public key of 
said third public key pair to replace said first verification value prior to 
said computing of said second verification value. 

94. The method according to claim 93, further comprising the steps of: 
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5 obtaining said third digital signature in one of said providing step 

together with said provided digital data and said provided second 
digital signature, or a further providing step; 

comparing said obtained third digital signature and said computed first 
verification value prior to said step of computing a second verification 
10 value; 

if said comparing step shows different values, establishing that the 
data distribution process to said recipient deviates from the intended 
process flow. 

95. The method according to one of claims 90 to 94, wherein said digital is 
15 encrypted for said distribution process in the manner as defined by at least one 

of claims 73 to 78, whereby each of said computing steps of said digital 
signatures and the respective computing steps of said verification values, the 
respective comparing and establishing steps are associated to and performed 
ion connection with one of said encryption layers. 

20 96. A method for controlling the distribution path of digital data from a sender to a 
recipient via a network, whereby said network comprises a plurality of 
connected network nodes, said method comprising the steps of one of claims 
90 to 94, whereby at least one of said network nodes performs one of said 
steps of computing a digital signature. 

25 97. The method according to claims 96 and 90, whereby at least one of said 
network nodes performs said steps of computing a verification value, obtaining 
a hash value, comparing and establishing. 

98. The method according to one of claims 91 to 94 and one of claims 96 to 97, 
whereby at least one of said network nodes performs at least one group of the 
30 following steps, whereby each step is associated with one specific of said 

public key pairs: 

said step of computing a verification value, 



said step of obtaining a digital signature, 



WO 2004/028077 



64 



PCT/EP2003/007829 



said step of comparing said obtained digital signature and said 
computed verification value, and 

said establishing step. 

99. The method according to claim 79 or 80, further comprising the steps of 

encrypting said encrypted first key using a fourth key in a third 
encryption layer, whereby said fourth key is a public key associated 
with a second network node said digital data is defined to pass along a 
distribution path through said network to said recipient; 

providing said encrypted data and said encrypted first key to said 
second network node; and 

decrypting said encrypted first key at said second network node 
according to said third encryption layer using the corresponding private 
key of said public key of said second network node; 

100. The method according to one of claims 90 to 99, wherein the signature 
schemes, each associated with one of said public key pairs, can be different 
from one another and are predetermined or specified by said system, said 
sender of said digital data, or another party within said system that provides 
said digital data to another party within said system. 

101. The method according to one of claims 96 to 100, further comprising the 
following steps that are performed by each network node after having received 
said digital data and said digital signature: 

establishing whether said received digital signature has to be digitally 
signed by said network; 

if said network node has to digitally sign said received digital signature, 
computing a further digital signature by encrypting said received digital 
signature according to a further digital signature scheme using a 
further private key of a further public key pair to replace said received 
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5 digital signature prior to providing said digital data and said computed 

digital signature to a further network node or to said recipient; 

establishing the next network node of said network including said 
recipient, said digital data and said computed digital signature have to 
be provided to by said network node; 

10 102. A computer-readable storage medium having a computer program for 
controlling a plurality of network nodes of a network, said computer program 
causing a network node to perform the steps of claim 101 after having 
received a message comprised of said digital data and said digital signature. 

103. The computer program according to claim 102, further controlling said network 
15 nodes to participate in and perform operations according to a method as 

specified by one of claims 90 to 100. 

104. A computer-readable storage medium having a computer program for 
controlling a plurality of client terminals of a public key system to participate in 
and perform operations according to a method as specified by one of claims 

20 90 to 101. 



105. A method for providing a secure communication for exchanging digital data in 
a client-server-system, said system comprises at least one server and a 
25 plurality of client terminals which are connected via a network, said method 

comprising the steps of: 

encrypting digital data by a client terminal of said system using a 
previously obtained first hash value as key information in a symmetric 
encryption scheme; 

30 providing said encrypting digital data and a previously obtained 

random token to a server of said system by said client terminal; 
whereby said first hash value is associated with said random token 
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5 and serves as a shared secret between said server and said client 

terminal; 

said server computing a second hash value of said provided random 
token and a fixed random value, whereby said fixed random value is a 
secret, private value in possession of said server and not disclosed to 
1 0 said plurality of client terminals; and 

decrypting said encrypted digital data by said server using said second 
hash value as key information according to said symmetric encryption 
scheme; 

106. The method according to claim 105, further comprising the steps of: 

1 5 obtaining said random token prior to said encrypting step; 

providing said random token to said server prior to said encrypting 
step; 

computing said first hash value of said random token and said fixed 
random value by said server prior to said encrypting step; and 

20 providing said first hash value to said client terminal prior to said 

encrypting step; 

107. The method according to claim 106, wherein said steps of 

obtaining said random token, 

providing said random token, 

25 computing said first hash value, and 

providing said first hash value 

are performed as part of an initial registration process of said client terminal 
with said server, and wherein all remaining steps are performed as part of the 
secure data exchange transaction of said digital data. 
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108. The method according to claim 106 or 107, wherein 

said step of providing said random token further comprises a prior step 
of encrypting said random token according to an asymmetric 
encryption scheme; and 

said step of computing said first hash value further comprises a prior 
step of decrypting said random token according to said asymmetric 
encryption scheme. 

109. The method according to one of claims 106 to 108, wherein 

said step of providing said first hash value to said client terminal further 
comprises a prior step of encrypting first hash value according to an 
asymmetric encryption scheme; and 

said client terminal further performs a step of decrypting the encrypted 
first hash value according to said respective asymmetric encryption 
scheme after having received said encrypted first hash value. 

110. The method according to one of claims 106 to 109, wherein said step of 
obtaining said random token comprises generating said random token at said 
client terminal. 

111. The method according to one of claims 106 to 109, wherein said steps of 
obtaining said random token and of providing said random token to said server 
are accomplished by a step of generating said random token at said server; 
and 

said step of providing said first hash value further comprises providing said 
generated random token to said client terminal; whereby said random token is 
encrypted and decrypted in the same manner as said first hash value if said 
first hash value is encrypted and decrypted in connection with said providing 
step. 

112. The method according to one of claims 105 to 109, wherein said server uses a 
plurality of different fixed random values, whereby all or some of said plurality 
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of different fixed random values can be used successive, concurrent or 
overlapping time periods, and wherein each of said plurality of different fixed 
random values can be used for at least one of the following: 

different groups of client terminals; 

different registration times of client terminals with said server; or 

different time periods or points in time for performing at least one of 
said steps of said method; 

113. The method according to one of claims 106 to 109 and claim 1 12, wherein said 
steps of obtaining said random token and of providing said random token to 
said server comprising a step of generating a part of said random token at said 
server; and 

said step of providing said first hash value further comprising providing said 
generated random token to said client terminal; whereby said random token is 
encrypted and decrypted in the same manner as said first hash value if said 
first hash value is encrypted and decrypted in connection with said providing 
step; and wherein 

said server further performing the step of: 

choosing a particular of said plurality of different fixed random values 
prior to said step of computing said first hash value; 

associating said particular of said plurality of different fixed random 
values with said generated part of said random token; 

establishing said particular of said plurality of different fixed random 
values prior to said step of computing said second hash value by 
determining said generated part from said provided random token and 
subsequently identifying the associated particular fixed random value 
thereof; 

114. The method according to one of claims 106 to 111 and claim 112, further 
comprising the steps of: 
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5 choosing a particular of said plurality of different fixed random values 

prior to said step of computing said new first hash value; 

establishing said particular of said plurality of different fixed random 
values prior to said step of computing said second hash value by 
successively testing each of said different fixed random values 
10 whether it produces a valid result in said following step of decrypting 

said encrypted digital data by said server. 

115. The method according to one of claims 105 to 114, further comprising the 
steps of: 

encrypting digital data of a reply message to said client terminal by 
15 said server using said second hash value as key information according 

to said symmetric encryption scheme; 

providing said encrypted digital data of said reply message to said 
client terminal; and 

decrypting said encrypted digital data of said reply message by said 
20 client terminal using said first hash value as key information according 

to said symmetric encryption scheme. 

116. The method according to one of claims 106 to 1 15, wherein said steps of 

obtaining said random token, 

providing said random token, 

25 computing said first hash value, and 

providing said first hash value 

are performed as new registration process of a client terminal with said server, 
if said fixed random value in possession of said server and used for said 
computing steps is replaced with a new fixed random value. 



30 117. The method according to claims 116 and one of claims 112 to 114, wherein 
said plurality of different fixed random values are replaced independently from 
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one each other, and wherein said method provides for selectively requiring a 
specific group of users that is associated with a specific one of said plurality of 
fixed random values to register again with said server. 

118. The method according to one of claims 105 to 1 17, wherein said client terminal 
remains anonymous for said server and wherein said server is not required to 
store record information on said client terminals containing their associated 
tokens, their associated hash values that are used as key information in the 
respective symmetric encryption scheme, other shared secrets previously 
established between said server and said client terminals, or identifiers of said 
client terminals in order to establish one of: said associated token, said 
associated hash value or said shared secret. 

119. A system for providing a secure communication for exchanging digital data, 
said system comprising at least one server and a plurality of client terminals 
which are connected via a network, said client terminals comprising: 

means for encrypting digital data using a previously obtained first hash 
value as key information in a symmetric encryption scheme; 

means for providing said encrypting digital data and a previously 
obtained random token to a server of said system; whereby said first 
hash value is associated with said random token and serves as a 
shared secret between said server and said client terminal; 

said at least one server comprising: 

means for computing a second hash value of said provided random 
token and a fixed random value, whereby said fixed random value is a 
secret, private value in possession of said server and not disclosed to 
said plurality of client terminals; and 

means for decrypting said encrypted digital data using said second 
hash value as key information according to said symmetric encryption 
scheme; 
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120. The system according to claim 119, wherein said client terminals further 
comprising: 

means for obtaining said random token prior to the encryption of said 
digital data; 

means for providing said random token to said server prior to said 
encryption of said digital data; and 

wherein said at least one server further comprising: 

means for computing said first hash value of said random token and 
said fixed random value prior to said encryption of said digital data; 
and 

means for providing said first hash value to said client terminal prior to 
said encryption of said digital data. 

121. The system according to claim 119 or 120, wherein said server means for 
providing said first hash value further comprises means for providing said 
partially generated random token to said client terminal; whereby said means 
provides further for said random token to be encrypted in the same manner as 
said first hash value if said first hash value is encrypted and decrypted in 
connection with said provision; and wherein 

said server further comprising: 

means for partially generating said random token; 

means for choosing a particular of a plurality of different fixed random 
values prior to said computing of said first hash value; 

means for associating said particular of said plurality of different fixed 
random values with said partially generated random token; 

means for establishing said particular of said plurality of different fixed 
random values prior to said step of computing said second hash value 
by establishing said partially generated random token from said 
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provided random token and subsequently identifying the associated 
fixed random value thereof; 

122. The system according to one of claims 1 19 to 121 , wherein said server further 
comprising: 

means for encrypting digital data of a reply message to said client 
terminal using said second hash value as key information according to 
said symmetric encryption scheme; and 

means for providing said encrypted digital data of said reply message 
to said client terminal; and wherein 

said client terminal further comprising: 

means for decrypting said encrypted digital data of said reply message 
using said first hash value as key information according to said 
symmetric encryption scheme. 

123. The system according to one of claims 119 to 122, further comprising means 
for accomplishing a method as specified by one of claims 106 to 1 18. 

124. A computer-readable storage medium having a computer program for 
controlling a plurality of client terminals to participate in and perform operations 
according to a method as specified by one of claims 105 to 1 1 8. 

125. A computer-readable storage medium having a computer program for 
controlling a server to participate in and perform operations according to a 
method as specified by one of claims 1 05 to 1 18. 



126. The method according to one of claims 105 to 1 18, further comprising a step of 
replacing said random token with a new random token to be used in the same 
manner as the original random token. 

127. The method according to claim 126, further comprising: 
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5 a step of generating said new random token by said server; 

a step of computing a new first hash value of said new random token 
and said fixed random value by said server; 

a step of encrypting said new first hash value by said server using said 
second hash value as key information according to said symmetric 
1 0 encryption scheme; 

a step of providing said encrypted new first hash value to said client 
terminal together with or in connection with a reply message of said 
server to said client terminal; 

a step of decrypting said encrypted new first hash value by said client 
1 5 terminal using said original first hash value; 

a step of obtaining said new random token by said client terminal; and 

a step of replacing said original random token at said client terminal 
with said new random token and replacing said original first hash value 
with said new first hash value at said client terminal; whereby said new 
20 random token and said new first hash value can be used in the same 

manner and applied to the steps of said method as described for the 
respective original random token and first hash value. 

128. The method according to claim 127, wherein said step of generating said new 
random token by said server comprises using a predetermined part of the 
25 message provided by said step of providing said encrypting digital data and 

said previously obtained random token to generate said new random token, 
whereby said predetermined part is one or more of the following: 

a predetermined part of said decrypted digital data, 

a predetermined part of said encrypted digital data, 



30 



a hash value performed on at least said predetermined part or 
said complete decrypted digital data, or 
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5 a hash value performed on at least said predetermined part or 

said complete encrypted digital data;. 

129. The method according to claim 128, wherein said step of obtaining said new 
random token by said client terminal comprises a step of generating said new 
random token by said client terminal using said predetermined part of the 

10 same message in the same manner as performed by said server in said first 

step of generating said new random token. 

130. The method according to claim 127, wherein said step of generating said new 
random token by said server is independent of any message or data provided 
by said client terminal to said server. 

15 131. The method according to claim 127, 128 or 130, wherein said step of obtaining 
said new random token comprises a step of providing said new random token 
to said client terminal, whereby said new random token is encrypted and 
decrypted in the same manner as or together with said new first hash value 
prior and after said providing step. 

20 132. The method according to claim 128 or 129 and claim 112, wherein said step of 
generating said new random token by said server further comprises generating 
a part of said new random token at said server independent of said provided 
message, said method further comprising the steps of: 

choosing a particular of said plurality of different fixed random values 
25 prior to said step of computing said new first hash value; 

associating said particular of said plurality of different fixed random 
values with said generated part of said new random token; and 

establishing said particular of said plurality of different fixed random 
values prior to said step of computing said second hash value by 
30 determining said generated part of said provided random token and 

subsequently identifying the associated particular fixed random value 
thereof. 
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133. The method according to claim 128 or 129 and claim 112, further comprising 
the steps of: 

choosing a particular of said plurality of different fixed random values 
by said server prior to said step of computing said new first hash value; 

establishing said particular of said plurality of different fixed random 
values by said server prior to said step of computing said second hash 
value by successively testing each of said different fixed random 
values whether it produces a valid result in said following step of 
decrypting said encrypted digital data by said server. 

134. The method according to claim 133, wherein said step of establishing depends 
on a timed schedule for said successively testing accounting for at least one of 
said plurality of different fixed random values. 

135. The method according to one of claims 126 to 134, wherein a new random 
token is generated, encrypted, provided, decrypted and replaced for at least 
one of the following: 

for each communication and data exchange transaction process 
between said client terminal and said server; 

for a predetermined number of said communications and data exchange 
transactions; 

upon request of a user associated with said client terminal; and 
upon request of said server. 

136. The system according to one of claims 1 19 to 123, wherein said server further 
comprising: 

means for generating a new random token; 

means for computing a new first hash value of said new random token 
and a fixed random value; and 
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means for encrypting said new first hash value using said second hash 
value as key information according to said symmetric encryption 
scheme; and 

wherein said system further comprising: 

means for providing said encrypted new first hash value to said client 
terminal together with or in connection with a reply message of said 
server to said client terminal; and 

wherein said client terminal further comprising: 

means for decrypting said encrypted new first hash value using said 
original first hash value; 

means for obtaining said new random token; and 

means for replacing said original random token at said client terminal 
with said new random token and replacing said original first hash value 
with said new first hash value at said client terminal; whereby said new 
random token and said new first hash value can be used in the same 
manner and applied to the means of said system as specified in 
connection with the respective original random token and first hash 
value. 

137. The system according to claims 136, further comprising means for 
accomplishing a method as specified by one of claims 128 to 135. 

138. A computer-readable storage medium having a computer program for 
controlling a plurality of client terminals to participate in and perform operations 
according to a method as specified by one of claims 126 to 1 35. 

139. A computer-readable storage medium having a computer program for 
controlling a server to participate in and perform operations according to a 
method as specified by one of claims 126 to 135. 



